Update the certificate passwords in BEMS
BEMSto access your certificate private key, you must include the challenge password in the jetty.xml file. The password must be obfuscated. This can be done with the
BEMSSSL Tech Tool. For instructions, visit support.blackberry.com/community to read article 41823.
On the computer that hosts
BEMS, download the
BEMSTech Tools and extract the sslcert folder. You can download the
BEMSTech Tools here.
- Generate the obfuscated challenge password for your serverkey certificate private key and keystore password.When you run theBEMSSSL Tech Tool to obfuscate the password, theBEMSSSL Tech Tool generates a new gems.jks file. You can then delete the gems.jks file that the tool generates. TheBEMSSSL Tech Tool also generates a log file, SelfSignCertificate.log.0, for review. This file contains the same information as the screen outputs.
- In a command prompt, navigate to the extracted sslcert utility folder.
- Typesslcert.bat <mykeypassword> <mystorepassword> <fqdn of BEMS host>For example:sslcert.bat mykeypassword mystorepassword bemshost.example.com
- Copy the screen outputs to a text file for later reference.
- Backup the jetty.xml file. By default the jetty.xml file is located at<.drive>:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\etc
- Update thekeyStorePassword,trustStorePassword, andkeyManagerPasswordin the jetty.xml file with the obfuscated password. For examples, see Jetty.xml file reference.
- In a text editor, open the jetty.xml file.
- Locate the <New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory"> section.
- Locate the <Set name=”KeyStorePassword”> and <Set name=”TrustStorePassword”> elements and update them with the obfuscated passwords from the sslcert text outputs, Key Store Password and Trust Store Password, respectively. The text outputs are the obfuscated values of the keystore password, referenced as <mystorepassword> in step 1b.
- Locate the <Set name=”KeyManagerPassword”> element and update it with the new obfuscated password from the sslcert text output, Key Manager Password. The text output is the obfuscated value of the keypass password, referenced as <mykeypassword> in step 1b.
- Start theGood Technology Common Servicesservice from theWindowsService Manager.
- Test the new certificate by accessing theBEMSDashboard in a browser. Its certificate information now reflects the newly imported certificated.